Legal

Privacy Policy

Last updated: April 28, 2026

1. Who we are

SaaS Royale (“we”, “us”) operates the website at saasroyale.com and the related arena, leaderboard, and founder profile features. This policy explains what personal data we process and the rights you have over that data under the GDPR and equivalent privacy laws.

2. What we collect

Account data

When you sign up, our identity provider (Clerk) stores your email address, a hashed password or OAuth identifier, and basic profile metadata (display name, avatar). We store a reference to your Clerk user ID in our database to link it to your owned SaaS, battles, XP, and collection.

Payment data

If you subscribe to Crowned, payments are processed by Stripe. Stripe handles card data directly. We never see or store your card details. We keep a Stripe customer ID and subscription status on our side so we can grant and revoke premium access.

SaaS submissions

When you submit a URL, we fetch that URL and its public landing page. We store the page title, meta description, headings, visible text snippets, and the scores we compute from them. None of this is private personal data. It's the public content of a public website.

Usage data

Battle results, Trophies changes, XP events, login timestamps, and preferences (sound on/off, email opt-ins) are stored so the game can function. Server logs transiently capture IP addresses and request metadata for security and abuse prevention.

3. How we use your data

  • Run the arena: match opponents, compute scores, update leaderboards.
  • Authenticate you and protect your account from abuse.
  • Bill you for Crowned subscriptions and handle refunds.
  • Send transactional emails (battle results, claim verification, rival alerts) and, if you opt in, digest emails.
  • Improve the product and debug issues.

We do not sell your personal data, and we do not serve third-party advertising on SaaS Royale.

4. Third-party processors

We rely on a small set of vetted processors to run the app. Each of them has their own privacy terms:

  • Clerk: authentication and session management.
  • Stripe: payment processing for Crowned subscriptions.
  • Resend: transactional email delivery.
  • Vercel: hosting of the web application.
  • Railway: hosting of our PostgreSQL database, Redis, and Playwright worker.
  • Google PageSpeed API: performance scoring for submitted SaaS.
  • PostHog: product analytics and session replay (only if you accept the cookie banner).
  • Vercel Speed Insights: anonymous Web Vitals (LCP, CLS, INP) measurement.

5. Cookies & analytics

We use strictly necessary cookies for authentication (set by Clerk) and to remember your cookie-banner choice. We do not use marketing or advertising cookies, and we do not sell your data.

Product analytics (PostHog)

If you click “Accept” on the cookie banner, we load PostHog to understand how SaaS Royale is used: which pages people visit, where they click, and how flows like submission and the arena perform. PostHog cookies last up to 12 months and only contain anonymous identifiers. If you decline, no analytics scripts load and no analytics cookies are set.

Session replay

PostHog also records a sample of anonymized interaction sessions (clicks, scrolls, route changes, layout) so we can debug bugs and improve the product. We mask all input fields and all on-screen text before recording. We never see what you type or the names of SaaS, battle narratives, or any other text content. Clerk and Stripe frames are excluded from recording entirely. You can opt out at any time by clearing the cookie banner choice in your browser (“Decline” on the next visit) or by emailing us.

Web Vitals

Vercel Speed Insights collects anonymous performance metrics (page load time, layout shift, interaction latency). It does not use cookies and does not identify individual visitors.

6. Data retention

Account data is kept while your account is active. Battle and score history is kept as part of the public record of the leaderboard. When you delete your account, personally identifying information is removed; battles are anonymized. Backups are rotated on a 30-day cycle.

7. Your rights

Under GDPR and equivalent laws, you can:

  • Request a copy of the personal data we hold about you.
  • Correct inaccurate data.
  • Request deletion of your account and personal data.
  • Object to or restrict certain processing.
  • Withdraw email consent at any time from your dashboard settings.

To exercise any of these rights, email us at hello@saasroyale.com. We respond within 30 days.

8. Changes to this policy

We'll post any material change to this page and update the “Last updated” date at the top. Continued use of SaaS Royale after a change means you accept the updated policy.